IP address

Passive DNS

Tags: IP in hostname

IP blacklists

Spamhaus SBL

45.138.16.103 is listed on the Spamhaus SBL blacklist.

Description: The Spamhaus Block List ("SBL") Advisory is a database of IP addresses from which Spamhaus does not recommend the acceptance of electronic mail.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-01-15 05:08:35.296000
Was present on blacklist at: 2025-12-18 05:06, 2025-12-25 05:09, 2026-01-01 05:09, 2026-01-08 05:07, 2026-01-15 05:08

Spamhaus XBL CBL

45.138.16.103 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-01-15 05:08:35.296000
Was present on blacklist at: 2025-12-18 05:06, 2025-12-25 05:09, 2026-01-01 05:09, 2026-01-08 05:07, 2026-01-15 05:08

Spamhaus DROP

45.138.16.103 is listed on the Spamhaus DROP blacklist.

Description: Spamhaus DROP (Don't Route Or Peer) list. Netblocks controlled by spammers or cyber criminals. The DROP lists are a tiny subset of the SBL, designed for use by firewalls and routing equipment to filter out the malicious traffic from these netblocks.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-01-15 05:08:35.296000
Was present on blacklist at: 2025-12-18 05:06, 2025-12-25 05:09, 2026-01-01 05:09, 2026-01-08 05:07, 2026-01-15 05:08

Turris greylist

45.138.16.103 is listed on the Turris greylist blacklist.

Description: Greylist is the output of the Turris research project by CZ.NIC,<br>which collects data of malicious IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-01-11 22:15:00.153000
Was present on blacklist at: 2025-12-18 22:15, 2025-12-19 22:15, 2025-12-21 22:15, 2026-01-02 22:15, 2026-01-05 22:15, 2026-01-07 22:15, 2026-01-08 22:15, 2026-01-11 22:15

AbuseIPDB

45.138.16.103 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-01-02 05:00:00.780000
Was present on blacklist at: 2025-12-31 05:00, 2026-01-02 05:00

DShield reports (IP summary, reports)

2025-12-17: Number of reports: 11; Distinct targets: 6
2025-12-18: Number of reports: 11; Distinct targets: 6
2025-12-19: Number of reports: 16; Distinct targets: 7
2025-12-31: Number of reports: 16; Distinct targets: 5
2026-01-01: Number of reports: 20; Distinct targets: 10
2026-01-02: Number of reports: 20; Distinct targets: 10
2026-01-04: Number of reports: 14; Distinct targets: 4
2026-01-05: Number of reports: 10; Distinct targets: 6
2026-01-06: Number of reports: 10; Distinct targets: 3

Origin AS: AS201814 - PL-SKYTECH-AS; AS210558 - services-1337-gmbh
BGP Prefix: 45.138.16.0/24
geo: Poland, Warsaw; 🕑 Europe/Warsaw
hostname: 45.138.16.103.powered.by.rdp.sh
hostname_class: ['ip_in_hostname']
Address block ('inetnum' or 'NetRange' in whois database): 45.138.16.0 - 45.138.19.255
reserved_range: 0
Shodan's InternetDB: Open ports: 443, 3389, 5005; Tags: self-signed; CPEs: –
ts_added: 2025-12-18 05:06:25.943000
ts_last_update: 2026-01-15 05:08:35.326000

Warden event timeline

DShield event timeline

Presence on blacklists